Blog: Android

VTech Innotab Max: it’s getting even worse! Apps run in debug mode

consultant-placeholder08 David Lodge 03 Dec 2015

After extracting an image from an Innotab last night using the methods we blogged about yesterday, we mounted it and had a look.

Here’s the /data directory mounted on a Linux VM


Looking at the system/packages list and things get a whole lot scarier

The format below is:

package       UID       debugflag       path


As you can see highlighted, virtually all the com.vtech.* apps have the debugflag enabled.

This means that with an ADB connection you don’t actually need root to read their sandbox or manipulate them.

We covered the significance of this a while back here:

What will we find next??